number theory and cryptography - tulane universityzzheng3/teaching/cmps2170/fall18/...•theorem:...
TRANSCRIPT
Number Theory and Cryptography
CMPS/MATH 2170: Discrete Mathematics
Outline
• Divisibility and Modular Arithmetic (4.1)• Primes and GCD (4.3)• Solving Congruences (4.4)• Cryptography (4.6)
Division
Definition: Let !, # ∈ ℤ with ! ≠ 0. we say ! divides # if #/! ∈ ℤ• equivalently, # = *! for some * ∈ ℤ• we use ! | # to denote ! divides # (or # is divisible by !) • if ! | #, we say that ! is a factor or divisor of #
Ex. 1: Determine whether
a. 3 | 7
b. 3 | 12
Ex. 2: How many positive integers not exceeding , are divisible by 3? ,/3
Division (cont.)
Theorem: Let !, #, $ ∈ ℤ and ! ≠ 0. Then
(i) If ! | # and ! | $, then ! | (# + $)(ii) If ! | #, then ! | #$(iii) If ! | # and # | $ (# ≠ 0) , then ! | $
Prime Numbers
Definition: An integer ! > 1 is called prime if the only positive factors of !are 1 and !• ! is prime ⇔ ∀& ∈ ℤ): & | ! → & = 1 or & = !
Definition: An integer > 1 that is not prime is called composite
• 1 is neither prime nor composite
The Fundamental Theorem of Arithmetic
Theorem: Every positive integer > 1 can be written uniquely as a prime or as the product of two or more primes written in a non-decreasing order • “prime factorization of an integer”
Ex: 100 =641 =999 =
Proof of the fundamental theorem:
1. existence: strong induction
2. uniqueness: to be proved
q prime factorization is hard for large numbers2 ⋅ 2 ⋅ 5 ⋅ 5 = 2* ⋅ 5*
6413 ⋅ 3 ⋅ 3 ⋅ 37 = 3- ⋅ 37
Applications of the Fundamental Theorem
Theorem: A composite ! has a prime divisor ≤ !.
Corollary: An integer # > 1 is a prime if it is not divisible by any prime ≤ #.
Ex: Show that 101 is prime
Theorem: There are infinitely many primes
• A proof given by Euclid in The Elements
Two Great Open Problems on Primes
• Goldbach’s conjecture (1742): every even number ! > 2 is the sum of two primes• Every even number ! > 2 is the sum of at most 6 primes (1995)
• Every even number ! > 2 is the sum of a prime and a number that is either prime or the product of two primes (1+2, 1966)
• Twin prime conjecture (before 1849): there are infinitely many twin primes• Twin prime pairs: (3, 5), (5,7), (11, 13), (17, 19), (29, 31), …
• There are infinitely many pairs of prime numbers that differ by 246 or less (2014)
Greatest Common Divisors
Definition: Let !, # ∈ ℤ, not both zero. The largest integer & such that & | ! and & | # is called the greatest common divisor of ! and #, denoted by & = gcd(!, #)Ex: gcd 24, 36 =
gcd 17, 22 =gcd 120, 500 =
gcd 6789 ⋅ 6;8< ⋯6>8?, 67@9 ⋅ 6;@< ⋯6>@? = 67ABC(89,@9) ⋅ 6;ABC(8<,@<) ⋯6>ABC(8?,@?)
• Is there a more efficient way to find gcd?
121gcd(2D ⋅ 3 ⋅ 5, 2; ⋅ 5D) = 2; ⋅ 5 = 20
Least Common Multiples
Let !, # ∈ ℤ, !, # ≠ 0. The smallest positive integer that is divisible by both ! and # is called the least common multiple of ! and #, denoted by lcm(!, #)
Ex: lcm 24, 36 =
lcm(2345 ⋅ 2748 ⋯2:4;, 23<5 ⋅ 27<8 ⋯2:<;) = 23=>?(45,<5) ⋅ 27=>? (48,<8) ⋯2:=>?(4;,<;)
Theorem: For any positive integers ! and #, !# = gcd !, # ⋅ lcm(!, #)
lcm(2B ⋅ 3, 27⋅ 37) = 2B ⋅ 37 = 72
The Division Algorithm
Theorem: Let ! ∈ ℤ and $ ∈ ℤ%. Then there are unique &, ( ∈ ℤ, with 0 ≤ ( < $, such that
! = $& + (
Ex: ! = 101, $ = 2! = −11, $ = 3
& = ! div $( = ! mod $
divisor quotient remainder
= !/$= ! − $ !/$ $ | ! ⇔ ! mod $ = 0
The Division Algorithm
Theorem: Let ! ∈ ℤ and $ ∈ ℤ%. Then there are unique &, ( ∈ ℤ, with 0 ≤( < $, such that ! = $& + (1. Existence (5.2 Example 5): use the well-ordering property: “Every
nonempty subset of ℕ has a least element”
2. Uniqueness (exercise)
The Euclidean Algorithm
qA useful fact about the division algorithm:
Theorem: Let ! = #$ + &, where !, #, $, & ∈ ℤ. Then gcd !, # = gcd(#, &)
qA more efficient way to find gcd:
Euclidean Algorithm: find gcd !, # by successively applying the division algorithm
The Euclidean Algorithm
Ex: Find gcd 287,91 using the Euclidean Algorithm
287 = 91 ⋅ 3 + 1491 = 14 ⋅ 6 + 7⇒ gcd 287,91 = gcd(91,14) = gcd(14,7) = 7
gcd 287,91 = gcd(91,14)
gcd 91,14 = gcd(14,7)
GCDs as Linear CombinationsBezout’s Theorem: Let !, # ∈ ℤ&. There exist ', ( ∈ ℤ such that
gcd !, # = '! + (#
Ex: Find ', ( ∈ ℤ such that gcd 54,15 = ' ⋅ 54 + ( ⋅ 1554 = 3 ⋅ 15 + 915 = 1 ⋅ 9 + 69 = 1 ⋅ 6 + 3
9 = 54 − 3 ⋅ 156 = 15 − 1 ⋅ 93 = 9 − 1 ⋅ 6Backward substitution gives3 = 9 − 1 ⋅ 6= 9 − 1 ⋅ (15 − 1 ⋅ 9)= 2 ⋅ 9 − 1 ⋅ 15= 2 ⋅ 54 − 3 ⋅ 15 − 1 ⋅ 15= 2 ⋅ 54 − 7 ⋅ 15 ⇒ ' = 2, ( = −7
gcd 54,15 = gcd 15,9= gcd 9,6= gcd 6,3= 3
Applications of Bezout’s Theorem
Lemma: If !, #, $ ∈ ℤ' such that gcd !, # = 1 and ! | #$, then ! | $• We say that ! and # are relatively prime if gcd !, # = 1
Corollary: If . is a prime and . | !/!0 …!2 where each !3 is an integer, then . | !3for some 4.The Fundamental Theorem of Arithmetic: Every positive integer > 1 can be written uniquely as a prime or as the product of two or more primes where the primer factors are written in non-decreasing order
Proof: 1. existence: strong induction2. uniqueness: using the above corollary
Wrap Up1. Divisibility: ! | # ⇔ # = &! for some integer &2. Primes
• the Fundamental theorem of Arithmetic• A composite ' has a prime divisor ≤ '• there are infinite many primes
3. Greatest common divisor and least common multiple
4. Division algorithm: ! = )* + ,, 0 ≤ , < )• gcd !, ) = gcd(), ,)
5. Euclidean algorithm: find gcd by successively applying the division algorithm
6. Bezout’s Theorem: gcd !, # = 5! + 6#• If gcd !, # = 1 and ! | #8, then ! | 8
Congruences
Definition: Let !, # ∈ ℤ,& ∈ ℤ', we say ! is congruent to # modulo & if & | (! − #)• If ! is congruent to # modulo &,we write ! ≡ # (mod &)
• Examples
• 17 ≡ 5 mod 6 ?• 11 ≡ 8 mod 2 ?
• ! ≡ # mod & ⇔ & | (! − #)⇔ ! − # = :& for some : ∈ ℤ⇔ ! = :& + # for some : ∈ ℤ
14 ≡ 2 mod 1223 ≡ 11 (mod 12)
Congruences (cont.)
Theorem: Let !, #, $, % ∈ ℤ,( ∈ ℤ)
• ! ≡ # mod ( ⇔ (! mod () = (# mod ()• If ! ≡ # (mod () and # ≡ $ (mod (), then ! ≡ $ mod (
• If ! ≡ # (mod () and $ ≡ % (mod (), then ! + $ ≡ # + % (mod () and !$ ≡ #% (mod ()
Theorem: Let ! ∈ ℤ,( ∈ ℤ). There is a unique !3 ∈ {0,1, … ,( − 1} such that ! ≡ !3 (mod ().
Arithmetic Modulo !ℤ# = 0,1, … ,! − 1Addition modulo !: * +# , = * + , mod !Multiplication modulo !: * ⋅# , = * ⋅ , mod !
Ex: 6 +239, 7 ⋅22 8
• * +# , = 7 ⇒ * + , ≡ 7 mod !• * ⋅# , = 7 ⇒ * ⋅ , ≡ 7 (mod !)
Properties of ℤ"For any #, %, & ∈ ℤ"• Closure: # +" % ∈ ℤ"
# ⋅" % ∈ ℤ"
• Associativity: # +" % +" & = # +" (% +" &)# ⋅" % ⋅" & = # ⋅" (% ⋅" &)
• Commutativity: # +" % = % +" ## ⋅" % = % ⋅" #
Properties of ℤ"For any #, %, & ∈ ℤ"• Distributivity: # ⋅" % +" & = # ⋅" % +" # ⋅" &
(# +"%) ⋅" & = # ⋅" & +" % ⋅" &
• Identity elements: # +" 0 = 0 +" # = ## ⋅" 1 = 1 ⋅" # = #
• Additive inverse: For every # ∈ ℤ", there is % ∈ ℤ", such that # +" % = 00 +" 0 = 0# +" / − # = 0 for # ≠ 0
Properties of ℤ"• For # ∈ ℤ" , & ∈ ℤ" is a multiplicative inverse of # if # ⋅" & = 1,
• does 2 have a multiplicative inverse in ℤ+?
• does 2 have a multiplicative inverse modulo ℤ,?
• Theorem: # has a multiplicative inverse in ℤ" if and only if gcd #,0 = 1.
• Corollary: Every non-zero element has a multiplicative inverse in ℤ2 when 3 is prime
No
Yes 2 ⋅ 3 ≡ 1 mod 5
Additive Inverse and Multiplicative Inverse
• For $, & ∈ ℤ,• & is an additive inverse of $ modulo ) ∈ ℤ* if $ + & ≡ 0 mod )• & is an multiplicative inverse of $ modulo ) ∈ ℤ* if $ ⋅ & ≡ 1 mod )
• Theorem: $ ∈ ℤ and $ ≠ 0 has a multiplicative inverse modulo ) ∈ ℤ* if and only if gcd $,) = 1. Furthermore, an inverse, when it exists, is unique modulo ).
Find Multiplicative Inverses
Ex 1: Find a multiplicative inverse of 3 modulo 73# ≡ 1 ≡ 8 ≡ 15 (mod 7) ⇒ # ≡ 5 (mod 7)
Ex 2: Find a multiplicative inverse of 5 modulo 35# ≡ 1 ≡ 4 ≡ 7 ≡ 10 (mod 3) ⇒ # ≡ 2 mod 3
Use Bezout’s Theorem to find an inverse of 1 modulo 2, where gcd 1,2 = 1• find 7, 8 ∈ ℤ such that 71 + 82 = 1• 7 is a multiplicative inverse of 1 modulo 2
Ex 3: Find an inverse of 101 modulo 4620 (4.4 Example 2)
Solving Linear CongruencesProblem: Given !, # ∈ ℤ, & ∈ ℤ', find ( ∈ ℤ such that
!( ≡ # (mod &)
Let us first assume gcd !,& = 1.
Ex: Find the solution of 3( ≡ 4 mod 7
3( ≡ 4 ≡ 11 ≡ 18 mod 7⇒ ( ≡ 6 mod 7
We know 3 ⋅ 5 ≡ 1 mod 7Then 3( ≡ 4 mod 7⇒ 5 ⋅ 3( ≡ 5 ⋅ 4 (mod 7)⇒ ( ≡ 20 ≡ 6 (mod 7)
Solving Linear Congruences
Problem: Given !, # ∈ ℤ, & ∈ ℤ', find all ( ∈ ℤ such that
!( ≡ # (mod &)
Q: What if gcd !,& = 2 > 1?
A: For the linear congruence to have a solution, we must have 2 | #⇒We only need to solve !8( ≡ #8 mod &′ where !′ = :
; , #8 = <
; , and &8 = =;
Ex: Find the solution of 15( ≡ 6 mod 9
Modular Exponentiation and Fermat’s Little Theorem
Ex: Find 2" mod 7
Fermat’s Little Theorem: If ' is prime, then for every integer ( we have
() ≡ ( (mod ')Further, if ( is not divisible by ', then
()-. ≡ 1 (mod ')
ØSee 4.4 Exercise 19 for a proof sketch
Ex: Find 7000 mod 11
To compute (1 mod ' where ' is prime and ' ∤ (• First write 3 = 5 ' − 1 + 8 where 0 ≤ 8 < ' − 1• Then (1 = (< )-. =>
= (()-. )<(>≡ 1<(> (mod ')≡ (> (mod ')
Pierre de Fermat
Fast Modular Exponentiation
Ex: Find 3"# mod 645
36 = 2' + 2)
3)* mod 645 = 9
3)+ mod 645 = 9) mod 645 = 813)1 mod 645 = 81) mod 645 = 6561 mod 645 = 1113)5 mod 645 = 111) mod 645 = 12,321 mod 645 = 663)7 mod 645 = 66) mod 645 = 4356 mod 645 = 4863"# mod 645 = 3)7 ⋅ 3)+ mod 645 = 486 ⋅ 81 mod 645 = 21
Outline
• Divisibility and Modular Arithmetic (4.1)• Primes and GCD (4.3)• Solving Congruences (4.4)• Cryptography (4.6)
Introduction to Cryptography
• Classical Cryptography
• Shift Cipher • Affine Cipher
• Public Key Cryptography
• RSA
Symmetric Key Cryptography
Eve
Symmetric Key Cryptography
• Bob and Alice need to share the secret key !• Need to make sure " = $%('%("))
"
Type equationhere.7 = '% " " = $% 7
Bob
"Alice
7
Eve
encryption decryption
Shift Cipher
• Caesar Cipher: shift each letter three letters forward in the alphabet• Plain: ! " # $ % & …( ) * + , - .• Cipher: / 0 1 2 ℎ 4 …5 6 7 8 9 : ;• Ex: TULANE → 56=/>ℎ
• Mathematically, encode letters as numbers in ℤ@A = {0,1, … , 25}• ! " # $ % & … ) * + , - .• 0 1 2 3 4 5 … 20 21 22 23 24 25
• Encryption: ; = 0L M = M + O mod 26• Decryption: M = /L ; = ; − O mod 26• Do we have M = /L(0L(M))?
M: plaintext, ;: ciphertext, O: keyM, ;, O ∈ ℤ@A
Affine Cipher
• Encryption: ! = # ⋅ % + ' mod 26• #, ' is the key where #, ' ∈ ℤ01 and gcd #, 26 = 1
• Ex: # = 7, ' = 3, % = 10 (‘8’), what is !?
• Decryption: % = 9# ! − ' mod 26• 9# ∈ ℤ01, # 9# ≡ 1 (mod 26)
• Do we have % = >?(@?(%))?
! = 21 (‘v’)
Public Key Cryptography
Anyone can send a secret (encrypted) message to the receiver, without any prior contact, using publicly available info.
Albert R. Meyer March 13, 2013
Public Key Cryptography
• Invented by Diffie & Hellman in 1976
• They shared the 2015 Turing Award
• Why Public Key Cryptography?
• Key distribution
• Digital signature
Public Key Cryptography
• Alice has a key pair ! = !#$%, !#'() , Bob only knows !#$%• Need to make sure * = +,-./0(2,-34(*))
*
Type equation here.D = 2,-34 * * = +,-./0 D
Bob
*Alice
D
encryption decryption
Eve
The RSA Cryptosystem
• One of the first practical public key cryptosystems
• Invented by Ronald Rivest, Adi Shamir, and Lenoard Adleman in 1976
• They shared the 2002 Turing Award
• Based on the difficulty of factoring large numbers into primes
The RSA Cryptosystem
Message Encoding: 1. Each letter is encoded into a two-digit number
! " # … % & ' ( … ) * + , - . / 0 1 2 3 400 01 02 …08 09 10 11 …14 15 16 17 18 19 20 21 22 23 24 25
2. A message is divided into ? letter blocks such that the maximum 2? digits does not exceed @
Ex: @ = 2537, a message is divided into 2 letter blocks (2525 < 2537<252525)• Message STOP is translated into two blocks 1819 1415
Plain and cipher texts are numbers in ℤD = 0,1, … , @ − 1 .
The RSA Cryptosystem
Key generation (by Alice):1. Select two large primes !, #, ! ≠ #2. ' = ! ⋅ #3. Select a small odd integer * that is relatively prime to (! − 1)(# − 1)4. Compute / such that /* ≡ 1 (mod ! − 1 # − 1 )5. 5678 = ', * is the public key
6. 56:;< = (', /) is the private key
Ex: ! = 43 # = 59 ' = ! ⋅ # = 2537 * = 13 / = 3615678 = (2537, 13), 56:;< = (2537, 361)
RSA Encryption and DecryptionTo encrypt a plaintext ! use the public key (#, %)
' = !) mod #To decrypt a ciphertext ' use the private key (#, -)
! = '. mod #
Ex: Encrypt the message STOP with the public key (2537, 13)• Message STOP is translated into two blocks 1819 1415• Compute 181978 mod 2537, 141578 mod 2537 using fast modular exponentiation
Do we have ! = -9(%9(!))?
Security of RSA: It is hard to guess - given (#, %) (hard to factor # = :; for large : and ;)
Need to show !) . ≡ ! mod :; (Section 4.6)
Public Key Cryptography
• Alice has a key pair ! = !#$%, !#'() , Bob only knows !#$%• Need to make sure * = +,-./0(2,-34(*))
*
Type equation here.D = 2,-34 * * = +,-./0 D
Bob
*Alice
D
encryption decryption
Eve
Digital Signature
• Alice has a key pair ! = !#$%, !#'()• Need to make sure * = +,-./(1,-234(*))
*
Type equation here.* = +,-./ D D = 1,-234 *
Bob
*Alice
D
verification signing
Eve